[go: up one dir, main page]

US10432609B2 - Device-bound certificate authentication - Google Patents

Device-bound certificate authentication Download PDF

Info

Publication number
US10432609B2
US10432609B2 US13/791,006 US201313791006A US10432609B2 US 10432609 B2 US10432609 B2 US 10432609B2 US 201313791006 A US201313791006 A US 201313791006A US 10432609 B2 US10432609 B2 US 10432609B2
Authority
US
United States
Prior art keywords
certificate
computer
remote device
digital fingerprint
digital
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
US13/791,006
Other versions
US20130212382A1 (en
Inventor
Craig S. Etchegoyen
Dono Harjanto
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Device Authority Ltd
Original Assignee
Device Authority Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from PCT/US2012/037837 external-priority patent/WO2013009385A2/en
Application filed by Device Authority Ltd filed Critical Device Authority Ltd
Priority to US13/791,006 priority Critical patent/US10432609B2/en
Assigned to UNILOC LUXEMBOURG S.A. reassignment UNILOC LUXEMBOURG S.A. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ETCHEGOYEN, CRAIG S., HARJANTO, DONO
Publication of US20130212382A1 publication Critical patent/US20130212382A1/en
Assigned to DEVICEAUTHORITY, INC. reassignment DEVICEAUTHORITY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: UNILOC LUXEMBOURG S.A.
Assigned to CRYPTOSOFT LIMITED reassignment CRYPTOSOFT LIMITED MERGER (SEE DOCUMENT FOR DETAILS). Assignors: DEVICEAUTHORITY, INC.
Assigned to DEVICE AUTHORITY LTD reassignment DEVICE AUTHORITY LTD CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: CRYPTOSOFT LIMITED
Assigned to UNILOC LUXEMBOURG S.A. reassignment UNILOC LUXEMBOURG S.A. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ETCHEGOYEN, CRAIG S.
Assigned to UNILOC LUXEMBOURG S.A. reassignment UNILOC LUXEMBOURG S.A. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: HARJANTO, DONO
Assigned to NETAUTHORITY, INC. reassignment NETAUTHORITY, INC. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: UNILOC LUXEMBOURG S.A.
Assigned to UNILOC LUXEMBOURG S.A. reassignment UNILOC LUXEMBOURG S.A. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: NETAUTHORITY, INC.
Assigned to UNILOC LUXEMBOURG S.A. reassignment UNILOC LUXEMBOURG S.A. CORRECTIVE ASSIGNMENT TO CORRECT THE INCORRECT APPL. NO. 13/797,006 PREVIOUSLY RECORDED AT REEL: 041062 FRAME: 0591. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT. Assignors: ETCHEGOYEN, CRAIG S.
Publication of US10432609B2 publication Critical patent/US10432609B2/en
Application granted granted Critical
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • G06F21/33User authentication using certificates
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • H04L9/3231Biological data, e.g. fingerprint, voice or retina
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates generally to computer security and, more particularly, methods of and systems for securely authenticating devices.
  • Digital certificates are used in cryptographic systems, particularly those using PKI (Public Key Infrastructure), to authenticate data in various contexts. For example, device drivers often require authentication using a certificate of the source of the particular driven device before a computer will permit installation of the device driver to ensure that the device will behave properly. In addition, certificates can be used to identify computers as authorized to access secure content.
  • PKI Public Key Infrastructure
  • a device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate.
  • a device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified.
  • a certificate is only usable by one or more devices to which the certificate is explicitly bound.
  • Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.
  • FIG. 1 is a diagram showing a client computer and a device-bound certificate authority that manage device-bound certificates in accordance with one embodiment of the present invention.
  • FIG. 2 is a transaction diagram illustrating one method of serving a device-bound certificate by the device-bound certificate authority of FIG. 1 to the client computer of FIG. 1 .
  • FIG. 3 is a block diagram showing the client computer of FIG. 1 in greater detail.
  • FIG. 4 is a block diagram showing the device-bound certificate authority of FIG. 1 in greater detail.
  • FIG. 5 is a transaction diagram illustrating one embodiment according to the invention of a method of using a device-bound certificate by the client computer of FIG. 1 to authenticate a device driver for installation.
  • FIG. 6 is a transaction diagram illustrating one embodiment of a method of using a device-bound certificate by a server of FIG. 1 to authenticate the client computer of FIG. 1 for establishing a secure connection therewith.
  • FIG. 7 is a block diagram showing the server of FIG. 1 in greater detail.
  • FIG. 8 is a block diagram illustrating one embodiment of a device-bound certificate in accordance with the present invention.
  • FIG. 9 is a block diagram illustrating one example of a digital fingerprint record of a digital fingerprint registry of the device-bound certificate authority of FIG. 4 .
  • digital certificates 802 ( FIG. 8 ) are bound to specific devices and are therefore each usable by one or more explicitly authorized devices, e.g., client computer 102 ( FIG. 1 ).
  • client computer 102 FIG. 1
  • a digital certificate copied from client computer 102 cannot be used on another device unless that other device is explicitly authorized within the digital certificate.
  • device-bound certificate authority 108 binds certificate 802 ( FIG. 8 ) to client computer 102 by including authorized device data 804 in certificate 802 .
  • Authorized device data 804 uniquely identifies at least one authorized device from all other devices to which device-bound certificate authority can serve certificates and identifies client computer 102 by a digital fingerprint of client computer 102 , for example. Digital fingerprints are known and are described, e.g., in U.S. Pat. No. 5,490,216 (sometimes referred to herein as the '216 Patent) and that description is incorporated herein by reference.
  • certificate 802 is an X.509 certificate based on RFC-2459.
  • client computer 102 Prior to using certificate 802 , client computer 102 always verifies that authorized device data 804 indicates that client computer 102 is authorized to use certificate 802 . As described more completely below, such indicates that client computer 102 received certificate 802 from a device-bound certificate authority that client computer 102 trusts and with which client computer 102 has registered.
  • client computer 102 FIG. 1
  • device-bound certificate authority 108 Before describing the management and use of device-bound certificates in accordance with the present invention, some elements of client computer 102 ( FIG. 1 ) and device-bound certificate authority 108 are briefly described.
  • Client computer 102 is shown in greater detail in FIG. 3 and includes one or more microprocessors 308 (collectively referred to as CPU 308 ) that retrieve data and/or instructions from memory 306 and execute retrieved instructions in a conventional manner.
  • Memory 306 can include generally any computer-readable medium including, for example, persistent memory such as magnetic and/or optical disks, ROM, and PROM and volatile memory such as RAM.
  • CPU 308 and memory 306 are connected to one another through a conventional interconnect 310 , which is a bus in this illustrative embodiment and which connects CPU 308 and memory 306 to one or more input devices 302 , output devices 304 , and network access circuitry 322 .
  • Input devices 302 can include, for example, a keyboard, a keypad, a touch-sensitive screen, a mouse, and a microphone.
  • Output devices 304 can include, for example, a display—such as a liquid crystal display (LCD)—and one or more loudspeakers.
  • Network access circuitry 322 sends and receives data through a wide area network 106 ( FIG. 1 ) such as the Internet and/or mobile device data networks.
  • certificate API 312 A number of components of client computer 102 are stored in memory 306 .
  • certificate API 312 device driver installation logic 314 , and secure networking logic 316 are each all or part of one or more computer processes executing within CPU 308 from memory 306 in this illustrative embodiment but can also be implemented using digital logic circuitry.
  • logic refers to (i) logic implemented as computer instructions and/or data within one or more computer processes and/or (ii) logic implemented in electronic circuitry.
  • Certificates 320 are data stored persistently in memory 306 . In this illustrative embodiment, certificates 320 are organized as a database.
  • Device-bound certificate authority 108 ( FIG. 1 )—which is sometimes referred to herein as DBCA 108 —is shown in greater detail in FIG. 4 and includes a CPU 408 , memory 406 , interconnect 410 , input devices 402 , output devices 404 , and network access circuitry 422 that are directly analogous to CPU 308 ( FIG. 3 ), memory 306 , interconnect 310 , input devices 302 , output devices 304 , and network access circuitry 322 , respectively, of client computer 102 . Since DBCA 108 ( FIG. 1 )—which is sometimes referred to herein as DBCA 108 —is shown in greater detail in FIG. 4 and includes a CPU 408 , memory 406 , interconnect 410 , input devices 402 , output devices 404 , and network access circuitry 422 that are directly analogous to CPU 308 ( FIG. 3 ), memory 306 , interconnect 310 , input devices 302 , output devices 304 , and network access circuitry
  • DBCA 108 can interact with one or more human users exclusively through network access circuitry 422 , e.g., through a remote command shell protocol such as the known ‘ssh’ remote command shell protocol.
  • a number of components of DBCA 108 are stored in memory 406 .
  • certificate serving logic 412 is all or part of one or more computer processes executing within CPU 408 from memory 406 in this illustrative embodiment but can also be implemented using digital logic circuitry.
  • Digital fingerprint registry 414 and certificates 416 are data stored persistently in memory 406 . In this illustrative embodiment, digital fingerprint registry 414 and certificates 416 are each organized as a database.
  • DBCA 108 also serves as a conventional certificate authority and maintains certificates 416 in a conventional manner in addition to the device-bound certificate management described herein.
  • DBCA 108 uses a remotely-located certificate authority to obtain authentic copies of certificates in a conventional manner and maintains certificates 416 for local device binding in the manner described herein.
  • DBCA 108 can also maintain certificates 416 for limited periods of time as a cache of device-bound certificates to more efficiently serve repeated requests for the same device-bound certificates in a relatively short amount of time.
  • Digital fingerprint registry 414 stores a number of digital fingerprint records such as digital fingerprint record 902 ( FIG. 9 ).
  • Digital fingerprint record 902 includes a device identifier 904 and a digital fingerprint 906 and therefore represents an association between a device identifier and a digital fingerprint.
  • DBCA 108 ensures that device identifier 904 is unique among all device identifiers stored in digital fingerprint registry 414 .
  • DBCA 108 Prior to use of DBCA 108 , a device must register with DBCA 108 .
  • client computer 102 FIG. 1
  • client computer 102 sends a registration request to DBCA 108 that includes a digital fingerprint of client computer 102 .
  • DBCA 108 (i) creates a unique identifier for client computer 102 , (ii) stores the identifier as device identifier 904 in a new digital fingerprint record 902 that also includes the digital fingerprint received from client computer 102 as digital fingerprint 906 , and (iii) returns the identifier to client computer 102 as part of a report of successful registration with DBCA 108 .
  • DBCA 108 directs a device to produce a digital fingerprint of itself when DBCA 108 does not already have a digital fingerprint of the device.
  • DBCA 108 can implement dynamic registration.
  • DBCA 108 requests that the device send DBCA 108 a digital fingerprint of the device.
  • client computer 102 generates a digital fingerprint of itself and sends the digital certificate to DBCA 108 .
  • client computer 102 creates the digital fingerprint of itself using logic in certificate API 312 ( FIG. 3 ).
  • DBCA 108 directs client computer 102 to obtain digital fingerprint generation logic and to then execute the logic to thereby generate a digital fingerprint of client computer 102 .
  • the particular manner in which DBCA 108 specifies the logic to be obtained by client computer 102 and the particular manner in which client computer 102 executes the logic are unimportant and there are many known ways for accomplishing each.
  • DBCA 108 can provide the logic directly or can provide a URL to the logic so as to direct client computer 102 to access the logic using the URL.
  • the URL can identify logic to be obtained from DBCA 108 directly or can identify other computers reachable through wide area network 106 .
  • client computer 102 can execute the logic by receiving and installing the logic as client computer 102 would install software generally or client computer 102 can execute the logic as active content in a web page displayed by a browser of client computer 102 .
  • client computer 102 can retrieve device-bound certificates from DBCA 108 in a manner illustrated in transaction flow diagram 200 ( FIG. 2 ).
  • client computer 102 requests a certificate from DBCA 108 .
  • the request of step 202 includes both identification of the entity whose certificate is needed and the identifier 904 of client computer 102 previously received from DBCA 108 .
  • the request of step 202 can also include identifiers of other devices if client computer 102 is configured to request a certificate that is also bound to one or more other devices.
  • DBCA 108 retrieves the certificate of the entity whose certificate is requested in step 202 .
  • DBCA 108 retrieves the certificate from certificates 416 ( FIG. 4 ) in this illustrative embodiment. In other embodiments, DBCA 108 retrieves the certificate from a certificate authority through wide area network 106 . If the certificate is retrieved from a remotely-located certificate authority through wide area network 106 , DBCA 108 can store retrieved certificates in certificates 416 as a cache.
  • DBCA 108 retrieves the digital fingerprint of client computer 102 using the identifier of the request.
  • the retrieved digital fingerprint is the one associated with the received identifier in digital fingerprint registry 414 ( FIG. 4 ).
  • DBCA 108 retrieves the digital fingerprint from digital fingerprint registry 414 in this illustrative embodiment. In other embodiments, DBCA 108 retrieves the digital fingerprint from another computer through wide area network 106 . If the digital fingerprint is retrieved from a remotely-located computer through wide area network 106 , DBCA 108 can store retrieved digital fingerprint in digital fingerprint registry 414 as a cache.
  • DBCA 108 embeds the retrieved digital fingerprint, e.g., digital fingerprint 906 ( FIG. 9 ) into the requested certificate, e.g., certificate 802 ( FIG. 8 ).
  • authorized device data 804 includes only one digital fingerprint and is therefore bound to only a single device.
  • authorized device data 804 can include multiple digital fingerprints and can limit the number of digital fingerprints to a predetermined maximum. Thus, a single certificate can be bound to a limited number of devices.
  • DBCA 108 cryptographically signs certificate 802 to make certificate 802 tamper-evident.
  • step 208 DBCA 108 sends certificate 802 ( FIG. 8 ) with authorized device data 804 that includes digital fingerprint 906 ( FIG. 6 ) of client computer 102 ( FIG. 1 ).
  • step 210 client computer 102 verifies the digital fingerprint of authorized device data 804 by comparing each of the embedded digital fingerprints to the digital fingerprint of client computer 210 . Verification of digital fingerprints is described in the '216 Patent and that description is incorporated herein by reference.
  • client computer 102 accepts and uses certificate 802 only if at least one digital fingerprint of authorized device data 804 matches the digital fingerprint of client computer 102 . Conversely, if no digital fingerprint of authorized device data 804 matches the digital fingerprint of client computer 102 , client computer 102 rejects certificate 802 and refuses to perform any tasks that require certificate 802 . In another embodiment, client computer 102 may reject certificate 802 if it detects more than one match of the digital fingerprint.
  • FIG. 5 An example of such a task is the installation of a cryptographically signed device driver and is illustrated in transaction diagram 500 ( FIG. 5 ).
  • a user of client computer 102 has requested installation of a device driver 318 ( FIG. 3 ), either implicitly by physically connecting one of peripheral devices 104 ( FIG. 1 ) to client computer 102 or explicitly by physical manipulation of one or more of user input devices 302 ( FIG. 3 ) using conventional user-interface techniques.
  • Device drivers are known and are only described briefly to facilitate appreciation and understanding of the present invention.
  • Various peripheral devices 104 such as printers, scanners, game controllers, storage devices, and digital cameras, are designed to interact with logic of client computer 102 .
  • Device driver 318 FIG. 3 ) provides such awareness and serves as a bridge over the gap in logic between the specific interface of a peripheral device and other logic of client computer 102 .
  • step 502 client computer 102 identifies device driver 318 ( FIG. 3 ) as the device driver to be installed.
  • device driver 318 is cryptographically signed and client computer 102 gets a device-bound certificate for the signor from DBCA 108 in step 504 ( FIG. 5 ).
  • Transaction diagram 200 FIG. 2 ) illustrates the processing of step 504 ( FIG. 5 ).
  • client computer 102 installs device driver 318 ( FIG. 3 ) only if (i) the certificate received in step 504 is verified to be bound to client computer 102 and (ii) the cryptographic signature of device driver 318 is verified with the certificate received in step 504 . If the certificate should ever be compromised, e.g., by a malicious user with access to client computer 102 , the compromise is limited to client computer 102 and other devices that might be bound to the certificate by authorized device data 804 ( FIG. 8 ). If authorized device data 804 is modified, the modification causes verification of the cryptographic signature of DBCA 108 to fail.
  • Another example of a task that is made more secure by device-bound certificates is the establishment of access to secure content and is illustrated in transaction flow diagram 600 ( FIG. 6 ).
  • client computer 102 requests access to secure content within a server computer 120 ( FIG. 1 ).
  • Server computer 120 is shown in greater detail in FIG. 7 .
  • Server computer 120 includes a CPU 708 , memory 706 , interconnect 710 , input devices 702 , output devices 704 , and network access circuitry 722 that are directly analogous to CPU 408 ( FIG. 4 ), memory 406 , interconnect 410 , input devices 402 , output devices 404 , and network access circuitry 422 , respectively, of DBCA 108 .
  • serving logic 712 is all or part of one or more computer processes executing within CPU 708 from memory 706 in this illustrative embodiment but can also be implemented using digital logic circuitry.
  • Serving logic 712 provides the server functionality designed into server computer 120 and includes authentication logic 714 that implements the authentication illustrated in transaction flow diagram 600 ( FIG. 6 ).
  • White list 716 and certificates 718 are data stored persistently in memory 706 . In this illustrative embodiment, white list 716 and certificates 718 are each organized as a database.
  • White list 716 identifies all devices with which server computer 120 is permitted to grant access to one or more categories of secure content, i.e., content to which access is to be limited. Alternatively, white list 716 can identify all devices for which server computer 120 is permitted to offer various services. In this illustrative embodiment, white list 716 is generally of the same structure as digital fingerprint registry 414 ( FIG. 4 ). Certificates 718 ( FIG. 7 ) are generally of the same structure as certificates 416 ( FIG. 4 ).
  • step 602 client computer 102 requests access to secure content within server computer 120 .
  • Client computer 102 includes its identifier and digital fingerprint that were used in registration with DBCA 108 in the request.
  • server computer 120 retrieves a certificate that is bound to client computer 102 from DBCA 108 in the manner illustrated in transaction flow diagram 200 ( FIG. 2 ).
  • client computer 102 can omit its identifier and digital fingerprint in the request of step 602 ( FIG. 6 ) and DBCA 108 can cause client computer 102 to generate its digital fingerprint in the manner described above in conjunction with transaction flow diagram 200 ( FIG. 2 ).
  • step 606 server computer 120 compares the digital fingerprint in the certificate received from DBCA 108 in step 604 to the digital fingerprint received from client computer 102 in step 602 . If the digital fingerprints match, server computer 120 grants the request for access to secure content within client computer 102 . Conversely, if the digital fingerprints don't match, server computer 120 refuses the request and no access to secure content within client computer 120 is granted.
  • server computer 120 leverages from the trustworthiness of DBCA 108 and its registration process to implement device-bound two-factor authentication.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Biomedical Technology (AREA)
  • General Health & Medical Sciences (AREA)
  • Biodiversity & Conservation Biology (AREA)
  • Life Sciences & Earth Sciences (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

A device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound. Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.

Description

This application is a continuation of U.S. patent application Ser. No. 13/179,387, filed Jul. 8, 2011, which claims priority to U.S. Provisional Application 61/443,048, filed Jan. 14, 2011. These applications are fully incorporated herein by reference.
BACKGROUND OF THE INVENTION
Field of the Invention
The present invention relates generally to computer security and, more particularly, methods of and systems for securely authenticating devices.
Description of the Related Art
Digital certificates are used in cryptographic systems, particularly those using PKI (Public Key Infrastructure), to authenticate data in various contexts. For example, device drivers often require authentication using a certificate of the source of the particular driven device before a computer will permit installation of the device driver to ensure that the device will behave properly. In addition, certificates can be used to identify computers as authorized to access secure content.
One of the shortcomings of certificates today is that copies of certificates can be kept in many storage locations, making copying and improper use of a certificate a significant risk to security.
SUMMARY OF THE INVENTION
In accordance with the present invention, a device-bound certificate authority binds a certificate to one or more devices by including digital fingerprints of the devices in the certificate. A device only uses a device-bound certificate if the digital fingerprint of the device is included in the certificate and is verified. Thus, a certificate is only usable by one or more devices to which the certificate is explicitly bound.
Such device-bound certificates can be used for various purposes served by certificates generally such as device driver authentication and authorization of access to secure content, for example.
Should a certificate have its security compromised, the effect of such compromise is limited to just those explicitly authorized devices to which the certificate is bound. The certificate cannot be used by unauthorized devices to which the certificate might be distributed. As a result, any malicious programming injected into code authenticated by a compromised certificate that is distributed by some entity other than a duly authorized device-bound certificate authority will not be executed by devices that require device-bound certificates.
BRIEF DESCRIPTION OF THE DRAWINGS
Other systems, methods, features and advantages of the invention will be or will become apparent to one with skill in the art upon examination of the following figures and detailed description. It is intended that all such additional systems, methods, features and advantages be included within this description, be within the scope of the invention, and be protected by the accompanying claims. Component parts shown in the drawings are not necessarily to scale, and may be exaggerated to better illustrate the important features of the invention. In the drawings, like reference numerals may designate like parts throughout the different views, wherein:
FIG. 1 is a diagram showing a client computer and a device-bound certificate authority that manage device-bound certificates in accordance with one embodiment of the present invention.
FIG. 2 is a transaction diagram illustrating one method of serving a device-bound certificate by the device-bound certificate authority of FIG. 1 to the client computer of FIG. 1.
FIG. 3 is a block diagram showing the client computer of FIG. 1 in greater detail.
FIG. 4 is a block diagram showing the device-bound certificate authority of FIG. 1 in greater detail.
FIG. 5 is a transaction diagram illustrating one embodiment according to the invention of a method of using a device-bound certificate by the client computer of FIG. 1 to authenticate a device driver for installation.
FIG. 6 is a transaction diagram illustrating one embodiment of a method of using a device-bound certificate by a server of FIG. 1 to authenticate the client computer of FIG. 1 for establishing a secure connection therewith.
FIG. 7 is a block diagram showing the server of FIG. 1 in greater detail.
FIG. 8 is a block diagram illustrating one embodiment of a device-bound certificate in accordance with the present invention.
FIG. 9 is a block diagram illustrating one example of a digital fingerprint record of a digital fingerprint registry of the device-bound certificate authority of FIG. 4.
 DETAILED DESCRIPTION
In accordance with the present invention, digital certificates 802 (FIG. 8) are bound to specific devices and are therefore each usable by one or more explicitly authorized devices, e.g., client computer 102 (FIG. 1). A digital certificate copied from client computer 102 cannot be used on another device unless that other device is explicitly authorized within the digital certificate. Such forces the other device to obtain certificates only from an authorized device-bound certificate authority 108.
In this illustrative embodiment, device-bound certificate authority 108 binds certificate 802 (FIG. 8) to client computer 102 by including authorized device data 804 in certificate 802. Authorized device data 804 uniquely identifies at least one authorized device from all other devices to which device-bound certificate authority can serve certificates and identifies client computer 102 by a digital fingerprint of client computer 102, for example. Digital fingerprints are known and are described, e.g., in U.S. Pat. No. 5,490,216 (sometimes referred to herein as the '216 Patent) and that description is incorporated herein by reference. In this illustrative embodiment, certificate 802 is an X.509 certificate based on RFC-2459.
Prior to using certificate 802, client computer 102 always verifies that authorized device data 804 indicates that client computer 102 is authorized to use certificate 802. As described more completely below, such indicates that client computer 102 received certificate 802 from a device-bound certificate authority that client computer 102 trusts and with which client computer 102 has registered.
Before describing the management and use of device-bound certificates in accordance with the present invention, some elements of client computer 102 (FIG. 1) and device-bound certificate authority 108 are briefly described.
Client computer 102 is shown in greater detail in FIG. 3 and includes one or more microprocessors 308 (collectively referred to as CPU 308) that retrieve data and/or instructions from memory 306 and execute retrieved instructions in a conventional manner. Memory 306 can include generally any computer-readable medium including, for example, persistent memory such as magnetic and/or optical disks, ROM, and PROM and volatile memory such as RAM.
CPU 308 and memory 306 are connected to one another through a conventional interconnect 310, which is a bus in this illustrative embodiment and which connects CPU 308 and memory 306 to one or more input devices 302, output devices 304, and network access circuitry 322. Input devices 302 can include, for example, a keyboard, a keypad, a touch-sensitive screen, a mouse, and a microphone. Output devices 304 can include, for example, a display—such as a liquid crystal display (LCD)—and one or more loudspeakers. Network access circuitry 322 sends and receives data through a wide area network 106 (FIG. 1) such as the Internet and/or mobile device data networks.
A number of components of client computer 102 are stored in memory 306. In particular, certificate API 312, device driver installation logic 314, and secure networking logic 316 are each all or part of one or more computer processes executing within CPU 308 from memory 306 in this illustrative embodiment but can also be implemented using digital logic circuitry. As used herein, “logic” refers to (i) logic implemented as computer instructions and/or data within one or more computer processes and/or (ii) logic implemented in electronic circuitry. Certificates 320 are data stored persistently in memory 306. In this illustrative embodiment, certificates 320 are organized as a database.
Device-bound certificate authority 108 (FIG. 1)—which is sometimes referred to herein as DBCA 108—is shown in greater detail in FIG. 4 and includes a CPU 408, memory 406, interconnect 410, input devices 402, output devices 404, and network access circuitry 422 that are directly analogous to CPU 308 (FIG. 3), memory 306, interconnect 310, input devices 302, output devices 304, and network access circuitry 322, respectively, of client computer 102. Since DBCA 108 (FIG. 4) is a server computer, input devices 402 and output devices 404 can be omitted and DBCA 108 can interact with one or more human users exclusively through network access circuitry 422, e.g., through a remote command shell protocol such as the known ‘ssh’ remote command shell protocol.
A number of components of DBCA 108 are stored in memory 406. In particular, certificate serving logic 412 is all or part of one or more computer processes executing within CPU 408 from memory 406 in this illustrative embodiment but can also be implemented using digital logic circuitry. Digital fingerprint registry 414 and certificates 416 are data stored persistently in memory 406. In this illustrative embodiment, digital fingerprint registry 414 and certificates 416 are each organized as a database.
In one embodiment, DBCA 108 also serves as a conventional certificate authority and maintains certificates 416 in a conventional manner in addition to the device-bound certificate management described herein. In an alternative embodiment, DBCA 108 uses a remotely-located certificate authority to obtain authentic copies of certificates in a conventional manner and maintains certificates 416 for local device binding in the manner described herein. DBCA 108 can also maintain certificates 416 for limited periods of time as a cache of device-bound certificates to more efficiently serve repeated requests for the same device-bound certificates in a relatively short amount of time.
Digital fingerprint registry 414 stores a number of digital fingerprint records such as digital fingerprint record 902 (FIG. 9). Digital fingerprint record 902 includes a device identifier 904 and a digital fingerprint 906 and therefore represents an association between a device identifier and a digital fingerprint. DBCA 108 ensures that device identifier 904 is unique among all device identifiers stored in digital fingerprint registry 414.
Prior to use of DBCA 108, a device must register with DBCA 108. For example, client computer 102 (FIG. 1) sends a registration request to DBCA 108 that includes a digital fingerprint of client computer 102. In response to the request, DBCA 108 (i) creates a unique identifier for client computer 102, (ii) stores the identifier as device identifier 904 in a new digital fingerprint record 902 that also includes the digital fingerprint received from client computer 102 as digital fingerprint 906, and (iii) returns the identifier to client computer 102 as part of a report of successful registration with DBCA 108.
In an alternative embodiment, DBCA 108 directs a device to produce a digital fingerprint of itself when DBCA 108 does not already have a digital fingerprint of the device. In other words, DBCA 108 can implement dynamic registration. In particular, upon determining that DBCA 108 requires a digital fingerprint of a given device and does not have one, DBCA 108 requests that the device send DBCA 108 a digital fingerprint of the device. In response to such a request, client computer 102 generates a digital fingerprint of itself and sends the digital certificate to DBCA 108.
In some embodiments, client computer 102 creates the digital fingerprint of itself using logic in certificate API 312 (FIG. 3). In other embodiments, DBCA 108 directs client computer 102 to obtain digital fingerprint generation logic and to then execute the logic to thereby generate a digital fingerprint of client computer 102. The particular manner in which DBCA 108 specifies the logic to be obtained by client computer 102 and the particular manner in which client computer 102 executes the logic are unimportant and there are many known ways for accomplishing each.
For example, DBCA 108 can provide the logic directly or can provide a URL to the logic so as to direct client computer 102 to access the logic using the URL. The URL can identify logic to be obtained from DBCA 108 directly or can identify other computers reachable through wide area network 106. In addition, client computer 102 can execute the logic by receiving and installing the logic as client computer 102 would install software generally or client computer 102 can execute the logic as active content in a web page displayed by a browser of client computer 102.
Subsequently to registration with DBCA 108 as described above or in conjunction with dynamic registration as described above, client computer 102 can retrieve device-bound certificates from DBCA 108 in a manner illustrated in transaction flow diagram 200 (FIG. 2). In step 202, client computer 102 requests a certificate from DBCA 108. The request of step 202 includes both identification of the entity whose certificate is needed and the identifier 904 of client computer 102 previously received from DBCA 108. The request of step 202 can also include identifiers of other devices if client computer 102 is configured to request a certificate that is also bound to one or more other devices.
In step 204, DBCA 108 retrieves the certificate of the entity whose certificate is requested in step 202. DBCA 108 retrieves the certificate from certificates 416 (FIG. 4) in this illustrative embodiment. In other embodiments, DBCA 108 retrieves the certificate from a certificate authority through wide area network 106. If the certificate is retrieved from a remotely-located certificate authority through wide area network 106, DBCA 108 can store retrieved certificates in certificates 416 as a cache.
In step 206, DBCA 108 retrieves the digital fingerprint of client computer 102 using the identifier of the request. The retrieved digital fingerprint is the one associated with the received identifier in digital fingerprint registry 414 (FIG. 4). DBCA 108 retrieves the digital fingerprint from digital fingerprint registry 414 in this illustrative embodiment. In other embodiments, DBCA 108 retrieves the digital fingerprint from another computer through wide area network 106. If the digital fingerprint is retrieved from a remotely-located computer through wide area network 106, DBCA 108 can store retrieved digital fingerprint in digital fingerprint registry 414 as a cache.
In step 206 (FIG. 2), DBCA 108 embeds the retrieved digital fingerprint, e.g., digital fingerprint 906 (FIG. 9) into the requested certificate, e.g., certificate 802 (FIG. 8). In this illustrative embodiment, authorized device data 804 includes only one digital fingerprint and is therefore bound to only a single device. In alternative embodiments, authorized device data 804 can include multiple digital fingerprints and can limit the number of digital fingerprints to a predetermined maximum. Thus, a single certificate can be bound to a limited number of devices. DBCA 108 cryptographically signs certificate 802 to make certificate 802 tamper-evident.
In step 208 (FIG. 2), DBCA 108 sends certificate 802 (FIG. 8) with authorized device data 804 that includes digital fingerprint 906 (FIG. 6) of client computer 102 (FIG. 1).
In step 210 (FIG. 2), client computer 102 verifies the digital fingerprint of authorized device data 804 by comparing each of the embedded digital fingerprints to the digital fingerprint of client computer 210. Verification of digital fingerprints is described in the '216 Patent and that description is incorporated herein by reference.
In step 212, client computer 102 accepts and uses certificate 802 only if at least one digital fingerprint of authorized device data 804 matches the digital fingerprint of client computer 102. Conversely, if no digital fingerprint of authorized device data 804 matches the digital fingerprint of client computer 102, client computer 102 rejects certificate 802 and refuses to perform any tasks that require certificate 802. In another embodiment, client computer 102 may reject certificate 802 if it detects more than one match of the digital fingerprint.
An example of such a task is the installation of a cryptographically signed device driver and is illustrated in transaction diagram 500 (FIG. 5). In this illustrative example, a user of client computer 102 has requested installation of a device driver 318 (FIG. 3), either implicitly by physically connecting one of peripheral devices 104 (FIG. 1) to client computer 102 or explicitly by physical manipulation of one or more of user input devices 302 (FIG. 3) using conventional user-interface techniques.
Device drivers are known and are only described briefly to facilitate appreciation and understanding of the present invention. Various peripheral devices 104 (FIG. 1), such as printers, scanners, game controllers, storage devices, and digital cameras, are designed to interact with logic of client computer 102. However, most, if not all, of the logic of client computer 102 is designed without awareness of the specific interfaces of many such peripheral devices. Device driver 318 (FIG. 3) provides such awareness and serves as a bridge over the gap in logic between the specific interface of a peripheral device and other logic of client computer 102.
Many device drivers are cryptographically signed by the manufacturer/supplier of the driven peripheral device. Such is intended to prevent tampering with the device driver as such tampering can enable injection of malicious behavior. If the security provided by a conventional certificate is compromised, the compromised security affects all devices that can rely on the compromised certificate. However, certificates that are bound to one or more devices can only be relied upon by that device or those devices, significantly limiting the harm that can be caused by compromised security of such certificates.
In step 502 (FIG. 5), client computer 102 identifies device driver 318 (FIG. 3) as the device driver to be installed. In this illustrative example, device driver 318 is cryptographically signed and client computer 102 gets a device-bound certificate for the signor from DBCA 108 in step 504 (FIG. 5). Transaction diagram 200 (FIG. 2) illustrates the processing of step 504 (FIG. 5).
In step 506, client computer 102 installs device driver 318 (FIG. 3) only if (i) the certificate received in step 504 is verified to be bound to client computer 102 and (ii) the cryptographic signature of device driver 318 is verified with the certificate received in step 504. If the certificate should ever be compromised, e.g., by a malicious user with access to client computer 102, the compromise is limited to client computer 102 and other devices that might be bound to the certificate by authorized device data 804 (FIG. 8). If authorized device data 804 is modified, the modification causes verification of the cryptographic signature of DBCA 108 to fail.
Another example of a task that is made more secure by device-bound certificates is the establishment of access to secure content and is illustrated in transaction flow diagram 600 (FIG. 6).
In this illustrative example of the establishment of access to secure content as shown in transaction flow diagram 600, client computer 102 requests access to secure content within a server computer 120 (FIG. 1). Server computer 120 is shown in greater detail in FIG. 7.
Server computer 120 includes a CPU 708, memory 706, interconnect 710, input devices 702, output devices 704, and network access circuitry 722 that are directly analogous to CPU 408 (FIG. 4), memory 406, interconnect 410, input devices 402, output devices 404, and network access circuitry 422, respectively, of DBCA 108.
A number of components of server computer 120 are stored in memory 706. In particular, serving logic 712 is all or part of one or more computer processes executing within CPU 708 from memory 706 in this illustrative embodiment but can also be implemented using digital logic circuitry. Serving logic 712 provides the server functionality designed into server computer 120 and includes authentication logic 714 that implements the authentication illustrated in transaction flow diagram 600 (FIG. 6). White list 716 and certificates 718 are data stored persistently in memory 706. In this illustrative embodiment, white list 716 and certificates 718 are each organized as a database.
White list 716 identifies all devices with which server computer 120 is permitted to grant access to one or more categories of secure content, i.e., content to which access is to be limited. Alternatively, white list 716 can identify all devices for which server computer 120 is permitted to offer various services. In this illustrative embodiment, white list 716 is generally of the same structure as digital fingerprint registry 414 (FIG. 4). Certificates 718 (FIG. 7) are generally of the same structure as certificates 416 (FIG. 4).
In step 602 (FIG. 6), client computer 102 requests access to secure content within server computer 120. Client computer 102 includes its identifier and digital fingerprint that were used in registration with DBCA 108 in the request.
In response to the request and in step 604 (FIG. 6), server computer 120 retrieves a certificate that is bound to client computer 102 from DBCA 108 in the manner illustrated in transaction flow diagram 200 (FIG. 2). In an alternative embodiment, client computer 102 can omit its identifier and digital fingerprint in the request of step 602 (FIG. 6) and DBCA 108 can cause client computer 102 to generate its digital fingerprint in the manner described above in conjunction with transaction flow diagram 200 (FIG. 2).
In step 606 (FIG. 6), server computer 120 compares the digital fingerprint in the certificate received from DBCA 108 in step 604 to the digital fingerprint received from client computer 102 in step 602. If the digital fingerprints match, server computer 120 grants the request for access to secure content within client computer 102. Conversely, if the digital fingerprints don't match, server computer 120 refuses the request and no access to secure content within client computer 120 is granted.
In this manner, server computer 120 leverages from the trustworthiness of DBCA 108 and its registration process to implement device-bound two-factor authentication.
The above description is illustrative only and is not limiting. The present invention is defined solely by the claims which follow and their full range of equivalents. It is intended that the following appended claims be interpreted as including all such alterations, modifications, permutations, and substitute equivalents as fall within the true spirit and scope of the present invention.

Claims (8)

What is claimed is:
1. A non-transitory computer readable medium useful in association with a computer which includes one or more processors and a memory, the computer readable medium including computer instructions which are configured to cause the computer, by execution of the computer instructions in the one or more processors from the memory, to bind a digital certificate that can be stored on a computer-readable medium to multiple devices by at least:
receiving at a server computer a request from a remote device through a computer network wherein the request identifies the certificate and identifies the multiple devices,
retrieving the certificate;
for each of the multiple devices:
retrieving a digital fingerprint of the device; and
including the digital fingerprint in the certificate;
and
sending the certificate with the included digital fingerprints to the remote device through the computer network;
wherein the server computer in response to the request serves a device driver cryptographically signed with the certificate so that any of the devices can install the device driver only upon a condition in which one of the digital fingerprints corresponds to the installing device.
2. The computer readable medium of claim 1 wherein
the remote device determines whether the digital fingerprint that is included in the certificate corresponds to the remote device; and
upon a condition in which the digital fingerprint corresponds to the remote device, accepts the certificate as legitimate.
3. The computer readable medium of claim 1 wherein the remote device also uses the certificate to verify that a device driver is properly cryptographically signed as a precondition to installing the device driver only upon the condition in which the digital fingerprint corresponds to the remote device.
4. The computer readable medium of claim 1 wherein the remote device determines whether the digital fingerprint that is included in the certificate corresponds to a requesting device from which the remote device has received a request for access to secure content of the remote device and, upon a condition in which the digital fingerprint corresponds to the requesting device and the remote device is preconfigured to recognize the requesting device as authorized to access the secure content, grants the request.
5. A computer system comprising:
at least one processor;
a non-transitory computer readable medium that is operatively coupled to the processor; and
certificate serving logic (i) that, at least in part, executes in the processor from the computer readable medium and (ii) that, when executed by the processor, causes the computer to bind a digital certificate that can be stored on the computer-readable medium to multiple devices by at least:
receiving at a server computer a request from a remote device through a computer network wherein the request identifies the certificate and identifies the multiple devices;
retrieving the certificate;
for each of the multiple devices:
retrieving a digital fingerprint of the device; and
including the digital fingerprint in the certificate;
and
sending the certificate with the included digital fingerprints to the remote device through the computer network;
wherein the server computer in response to the request serves a device driver cryptographically signed with the certificate so that any of the devices can install the device driver only upon a condition in which one of the digital fingerprints corresponds to the installing device.
6. The computer system of claim 5 wherein the remote device determines whether the digital fingerprint that is included in the certificate corresponds to the remote device and, upon a condition in which the digital fingerprint corresponds to the remote device, accepts the certificate as legitimate.
7. The computer system of claim 6 wherein the remote device also uses the certificate to verify that a device driver is properly cryptographically signed as a precondition to installing the device driver only upon the condition in which the digital fingerprint corresponds to the remote device.
8. The computer system of claim 5 wherein the remote device determines whether the digital fingerprint that is included in the certificate corresponds to a requesting device from which the remote device has received a request for access to secure content of the remote device and, upon a condition in which the digital fingerprint corresponds to the requesting device and the remote device is preconfigured to recognize the requesting device as authorized to access the secure content, grants the request.
US13/791,006 2011-01-14 2013-03-08 Device-bound certificate authentication Active US10432609B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US13/791,006 US10432609B2 (en) 2011-01-14 2013-03-08 Device-bound certificate authentication

Applications Claiming Priority (7)

Application Number Priority Date Filing Date Title
US201161433048P 2011-01-14 2011-01-14
AU2011100168 2011-02-09
AU2011100168A AU2011100168B4 (en) 2011-02-09 2011-02-09 Device-bound certificate authentication
US13/179,387 US8438394B2 (en) 2011-01-14 2011-07-08 Device-bound certificate authentication
USPCT/US12/37837 2012-05-14
PCT/US2012/037837 WO2013009385A2 (en) 2011-07-08 2012-05-14 Device-bound certificate authentication
US13/791,006 US10432609B2 (en) 2011-01-14 2013-03-08 Device-bound certificate authentication

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US13/179,387 Continuation US8438394B2 (en) 2011-01-14 2011-07-08 Device-bound certificate authentication

Publications (2)

Publication Number Publication Date
US20130212382A1 US20130212382A1 (en) 2013-08-15
US10432609B2 true US10432609B2 (en) 2019-10-01

Family

ID=43663818

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/179,387 Active US8438394B2 (en) 2011-01-14 2011-07-08 Device-bound certificate authentication
US13/791,006 Active US10432609B2 (en) 2011-01-14 2013-03-08 Device-bound certificate authentication

Family Applications Before (1)

Application Number Title Priority Date Filing Date
US13/179,387 Active US8438394B2 (en) 2011-01-14 2011-07-08 Device-bound certificate authentication

Country Status (2)

Country Link
US (2) US8438394B2 (en)
AU (1) AU2011100168B4 (en)

Families Citing this family (30)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7162035B1 (en) 2000-05-24 2007-01-09 Tracer Detection Technology Corp. Authentication method and system
US7995196B1 (en) 2008-04-23 2011-08-09 Tracer Detection Technology Corp. Authentication method and system
US10168413B2 (en) 2011-03-25 2019-01-01 T-Mobile Usa, Inc. Service enhancements using near field communication
US9824199B2 (en) 2011-08-25 2017-11-21 T-Mobile Usa, Inc. Multi-factor profile and security fingerprint analysis
US20130054433A1 (en) * 2011-08-25 2013-02-28 T-Mobile Usa, Inc. Multi-Factor Identity Fingerprinting with User Behavior
US9727511B2 (en) 2011-12-30 2017-08-08 Bedrock Automation Platforms Inc. Input/output module with multi-channel switching capability
US10834094B2 (en) 2013-08-06 2020-11-10 Bedrock Automation Platforms Inc. Operator action authentication in an industrial control system
US8862802B2 (en) 2011-12-30 2014-10-14 Bedrock Automation Platforms Inc. Switch fabric having a serial communications interface and a parallel communications interface
US9600434B1 (en) 2011-12-30 2017-03-21 Bedrock Automation Platforms, Inc. Switch fabric having a serial communications interface and a parallel communications interface
US12061685B2 (en) 2011-12-30 2024-08-13 Analog Devices, Inc. Image capture devices for a secure industrial control system
US9191203B2 (en) 2013-08-06 2015-11-17 Bedrock Automation Platforms Inc. Secure industrial control system
US9467297B2 (en) * 2013-08-06 2016-10-11 Bedrock Automation Platforms Inc. Industrial control system redundant communications/control modules authentication
US11967839B2 (en) 2011-12-30 2024-04-23 Analog Devices, Inc. Electromagnetic connector for an industrial control system
US9407443B2 (en) 2012-06-05 2016-08-02 Lookout, Inc. Component analysis of software applications on computing devices
EP3025235B1 (en) 2013-07-25 2020-10-28 Siemens Healthcare Diagnostics Inc. Anti-piracy protection for software
US10613567B2 (en) 2013-08-06 2020-04-07 Bedrock Automation Platforms Inc. Secure power supply for an industrial control system
US9436844B2 (en) 2013-08-29 2016-09-06 Microsoft Technology Licensing, Llc Access enablement security circuit
US9716708B2 (en) * 2013-09-13 2017-07-25 Microsoft Technology Licensing, Llc Security certificates for system-on-chip security
US9450947B2 (en) 2014-05-20 2016-09-20 Motorola Solutions, Inc. Apparatus and method for securing a debugging session
CN105281061A (en) 2014-07-07 2016-01-27 基岩自动化平台公司 Industrial control system cable
CN105763521B (en) 2014-12-18 2019-09-20 阿里巴巴集团控股有限公司 Device verification method and device
JP6507854B2 (en) * 2015-05-28 2019-05-08 株式会社リコー INFORMATION PROCESSING SYSTEM, INFORMATION PROCESSING DEVICE, MANAGEMENT METHOD OF ELECTRONIC CERTIFICATE, AND PROGRAM
CN106549925A (en) * 2015-09-23 2017-03-29 阿里巴巴集团控股有限公司 Prevent method, the apparatus and system of cross-site request forgery
US9967244B2 (en) 2015-10-14 2018-05-08 Microsoft Technology Licensing, Llc Multi-factor user authentication framework using asymmetric key
US10778435B1 (en) * 2015-12-30 2020-09-15 Jpmorgan Chase Bank, N.A. Systems and methods for enhanced mobile device authentication
US10097348B2 (en) 2016-03-24 2018-10-09 Samsung Electronics Co., Ltd. Device bound encrypted data
DE102017108555A1 (en) * 2017-04-21 2018-10-25 ondeso GmbH Method for handling data transmission processes in industrial plants
US10218697B2 (en) * 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services
EP4068719A1 (en) * 2021-03-31 2022-10-05 Siemens Aktiengesellschaft Method for cryptographically secure detection of a device origin, device and verification device
US20240396998A1 (en) * 2023-05-25 2024-11-28 Capital One Services, Llc Computer-based systems configured to dynamically reduce a plurality of subsequent authentication steps required to execute security action(s) and methods of use thereof

Citations (163)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4246638A (en) 1978-09-14 1981-01-20 Thomas William J Method and apparatus for controlling usage of a programmable computing machine
US4351982A (en) 1980-12-15 1982-09-28 Racal-Milgo, Inc. RSA Public-key data encryption system having large random prime number generating microprocessor or the like
US4658093A (en) 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US4704610A (en) 1985-12-16 1987-11-03 Smith Michel R Emergency vehicle warning and traffic control system
US4779224A (en) 1985-03-12 1988-10-18 Moseley Donald R Identity verification method and apparatus
US4796220A (en) 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4891503A (en) 1988-03-29 1990-01-02 Gascard, Inc. Distributed authorization system
WO1992009160A1 (en) 1990-11-07 1992-05-29 Tau Systems Corporation A secure system for activating personal computer software at remote locations
WO1992020022A1 (en) 1991-05-08 1992-11-12 Digital Equipment Corporation Management interface and format for license management system
WO1993001550A1 (en) 1991-07-01 1993-01-21 Infologic Software, Inc. License management system and method
US5210795A (en) 1992-01-10 1993-05-11 Digital Equipment Corporation Secure user authentication from personal computer
US5235642A (en) 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5239166A (en) 1989-01-17 1993-08-24 Graves Marcel A Secure data interchange system erasing a card memory upon an invalid response
US5241594A (en) 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US5260999A (en) 1991-06-28 1993-11-09 Digital Equipment Corporation Filters in license management system
US5291598A (en) 1992-04-07 1994-03-01 Gregory Grundy Method and system for decentralized manufacture of copy-controlled software
US5414269A (en) 1991-10-29 1995-05-09 Oki Electric Industry Co., Ltd. Circuit for detecting a paper at a desired position along a paper feed path with a one shot multivibrator actuating circuit
US5418854A (en) 1992-04-28 1995-05-23 Digital Equipment Corporation Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system
US5440635A (en) 1993-08-23 1995-08-08 At&T Corp. Cryptographic protocol for remote authentication
WO1995035533A1 (en) 1994-06-17 1995-12-28 Megalode Corporation Method for preventing use of software on an unauthorized computer
US5490216A (en) 1992-09-21 1996-02-06 Uniloc Private Limited System for software registration
US5666415A (en) 1995-07-28 1997-09-09 Digital Equipment Corporation Method and apparatus for cryptographic authentication
US5745879A (en) 1991-05-08 1998-04-28 Digital Equipment Corporation Method and system for managing execution of licensed programs
US5754763A (en) 1996-10-01 1998-05-19 International Business Machines Corporation Software auditing mechanism for a distributed computer enterprise environment
US5790664A (en) 1996-02-26 1998-08-04 Network Engineering Software, Inc. Automated system for management of licensed software
US5925127A (en) 1997-04-09 1999-07-20 Microsoft Corporation Method and system for monitoring the use of rented software
US5974150A (en) 1997-09-30 1999-10-26 Tracer Detection Technology Corp. System and method for authentication of goods
US6009401A (en) 1998-04-06 1999-12-28 Preview Systems, Inc. Relicensing of electronically purchased software
US6029141A (en) 1997-06-27 2000-02-22 Amazon.Com, Inc. Internet-based customer referral system
US6044471A (en) 1998-06-04 2000-03-28 Z4 Technologies, Inc. Method and apparatus for securing software to reduce unauthorized use
WO2000058895A2 (en) 1999-03-29 2000-10-05 Amazon.Com, Inc. Method and system for authenticating users when conducting commercial transactions using a computer
WO2000067095A1 (en) 1999-04-30 2000-11-09 Trymedia Systems Methods and apparatus for secure distribution of software
US6158005A (en) 1998-09-10 2000-12-05 Audible, Inc. Cloning protection scheme for a digital information playback device
GB2355322A (en) 1999-10-05 2001-04-18 Authoriszor Ltd System and method for positive client identification
US6230199B1 (en) 1999-10-29 2001-05-08 Mcafee.Com, Inc. Active marketing based on client computer configurations
US6233567B1 (en) 1997-08-29 2001-05-15 Intel Corporation Method and apparatus for software licensing electronically distributed programs
US6243468B1 (en) 1998-04-29 2001-06-05 Microsoft Corporation Software anti-piracy system that adapts to hardware upgrades
US6294793B1 (en) 1992-12-03 2001-09-25 Brown & Sharpe Surface Inspection Systems, Inc. High speed optical inspection apparatus for a transparent disk using gaussian distribution analysis and method therefor
US20010034712A1 (en) 1998-06-04 2001-10-25 Colvin David S. System and method for monitoring software
US20010044782A1 (en) 1998-04-29 2001-11-22 Microsoft Corporation Hardware ID to prevent software piracy
WO2001090892A1 (en) 2000-05-25 2001-11-29 Everdream, Inc. Intelligent patch checker
US6330670B1 (en) 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
US6330608B1 (en) 1997-03-31 2001-12-11 Stiles Inventions L.L.C. Method and system of a computer system for establishing communications between a service provider and a central service factory and registry in a computer system
US20020019814A1 (en) 2001-03-01 2002-02-14 Krishnamurthy Ganesan Specifying rights in a digital rights license according to events
US20020065097A1 (en) 2000-11-30 2002-05-30 Brockenbrough Allan E. System for arranging interactive games between players via multimode communication devices
US20020082997A1 (en) 2000-07-14 2002-06-27 Hiroshi Kobata Controlling and managing digital assets
US6418472B1 (en) 1999-01-19 2002-07-09 Intel Corporation System and method for using internet based caller ID for controlling access to an object stored in a computer
US20020091937A1 (en) 2001-01-10 2002-07-11 Ortiz Luis M. Random biometric authentication methods and systems
US6449645B1 (en) 1999-01-19 2002-09-10 Kenneth L. Nash System for monitoring the association of digitized information having identification indicia with more than one of uniquely identified computers in a network for illegal use detection
US20020161718A1 (en) 1998-08-04 2002-10-31 Coley Christopher D. Automated system for management of licensed software
US6536005B1 (en) 1999-10-26 2003-03-18 Teradyne, Inc. High-speed failure capture apparatus and method for automatic test equipment
US20030065918A1 (en) 2001-04-06 2003-04-03 Willey William Daniel Device authentication in a PKI
WO2003032126A2 (en) 2001-10-09 2003-04-17 Wireless Key Identification Systems, Inc. Multi-factor authentication system
US20030097331A1 (en) 1998-03-30 2003-05-22 Cohen Morris E. Systems for financial and electronic commerce
US20030116621A1 (en) 2001-12-20 2003-06-26 Ncr Corporation Self-service terminal
US20030156719A1 (en) 2002-02-05 2003-08-21 Cronce Paul A. Delivery of a secure software license for a software product and a toolset for creating the sorftware product
US20030172035A1 (en) 2002-03-08 2003-09-11 Cronce Paul A. Method and system for managing software licenses
US20030182428A1 (en) 2002-03-19 2003-09-25 Jiang Li Peer-to-peer (P2P) communication system
US20040024860A1 (en) 2000-10-26 2004-02-05 Katsuhiko Sato Communication system, terminal, reproduction program, recorded medium on which reproduction program is recorded, server device, server program, and recorded medium on which server program is recorded
US20040030912A1 (en) 2001-05-09 2004-02-12 Merkle James A. Systems and methods for the prevention of unauthorized use and manipulation of digital content
US20040049685A1 (en) 2001-03-14 2004-03-11 Laszlo Jaloveczki Authorisation method for a user of a limited access system having an authorisation centre
US20040059929A1 (en) 2000-09-14 2004-03-25 Alastair Rodgers Digital rights management
US20040107360A1 (en) 2002-12-02 2004-06-03 Zone Labs, Inc. System and Methodology for Policy Enforcement
US20040117321A1 (en) 1999-07-30 2004-06-17 Sancho Enrique David System and method for secure network purchasing
WO2004054196A1 (en) 2002-12-09 2004-06-24 Research In Motion Limited System and method of secure authentication information distribution
US20040143746A1 (en) 2003-01-16 2004-07-22 Jean-Alfred Ligeti Software license compliance system and method
US20040172558A1 (en) 2002-11-18 2004-09-02 Terrance Callahan Method and system for access control
US6826690B1 (en) 1999-11-08 2004-11-30 International Business Machines Corporation Using device certificates for automated authentication of communicating devices
US20050033833A1 (en) 2003-08-05 2005-02-10 International Business Machines Corporation Method, system, and program product fo rmanaging device identifiers
US20050034115A1 (en) 2003-08-08 2005-02-10 Carter Wade E. Method for remotely updating software for devices in a broadband network
US6859793B1 (en) 2002-12-19 2005-02-22 Networks Associates Technology, Inc. Software license reporting and control system and method
US20050108173A1 (en) 1994-11-23 2005-05-19 Contentgurad Holdings, Inc. System for controlling the distribution and use digital works using digital tickets
US20050138155A1 (en) 2003-12-19 2005-06-23 Michael Lewis Signal assessment
US6920567B1 (en) 1999-04-07 2005-07-19 Viatech Technologies Inc. System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files
US20050166263A1 (en) 2003-09-12 2005-07-28 Andrew Nanopoulos System and method providing disconnected authentication
US20050172280A1 (en) 2004-01-29 2005-08-04 Ziegler Jeremy R. System and method for preintegration of updates to an operating system
WO2005104686A2 (en) 2004-04-14 2005-11-10 Ipass Inc. Dynamic executable
US20050265446A1 (en) 2004-05-26 2005-12-01 Broadcom Corporation Mosquito noise detection and reduction
US20050268087A1 (en) 2004-05-26 2005-12-01 Sony Corporation Program, communication device, data processing method, and communication system
US6976009B2 (en) 2001-05-31 2005-12-13 Contentguard Holdings, Inc. Method and apparatus for assigning consequential rights to documents and documents having such rights
US20060005237A1 (en) 2003-01-30 2006-01-05 Hiroshi Kobata Securing computer network communication using a proxy server
US20060036766A1 (en) 2004-07-21 2006-02-16 Nicolas Baupin Method and system for managing identity overload and private/public availability of an instant messaging address
EP1637958A2 (en) 2003-03-03 2006-03-22 Microsoft Corporation Compact hardware identification for binding a software package to a computer system having tolerance for hardware changes
EP1637961A2 (en) 2004-09-15 2006-03-22 Microsoft Corporation Deploying and receiving software over a network susceptible to malicious communication
US20060072444A1 (en) 2004-09-29 2006-04-06 Engel David B Marked article and method of making the same
US20060080534A1 (en) 2004-10-12 2006-04-13 Yeap Tet H System and method for access control
US7032110B1 (en) 2000-06-30 2006-04-18 Landesk Software Limited PKI-based client/server authentication
US20060085310A1 (en) 2004-10-14 2006-04-20 Cfph Llc System and method for facilitating a wireless financial transaction
US20060090070A1 (en) 2004-10-21 2006-04-27 International Business Machines Corporation Method and system for verifying binding of an initial trusted device to a secured processing system
US20060095454A1 (en) 2004-10-29 2006-05-04 Texas Instruments Incorporated System and method for secure collaborative terminal identity authentication between a wireless communication device and a wireless operator
EP1670188A2 (en) 2004-12-10 2006-06-14 Alcatel Methods and systems for connection determination in a multi-point virtual private network
US7069440B2 (en) 2000-06-09 2006-06-27 Northrop Grumman Corporation Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
US7069595B2 (en) 2001-03-23 2006-06-27 International Business Machines Corporation Method of controlling use of digitally encoded products
US20060161914A1 (en) 2005-01-14 2006-07-20 Microsoft Corporation Systems and methods to modify application installations
US7082535B1 (en) 2002-04-17 2006-07-25 Cisco Technology, Inc. System and method of controlling access by a wireless client to a network that utilizes a challenge/handshake authentication protocol
US20060168580A1 (en) 2003-02-21 2006-07-27 Shunji Harada Software-management system, recording medium, and information-processing device
US7085741B2 (en) 2001-01-17 2006-08-01 Contentguard Holdings, Inc. Method and apparatus for managing digital content usage rights
US7100195B1 (en) 1999-07-30 2006-08-29 Accenture Llp Managing user information on an e-commerce system
US20060265337A1 (en) 1996-02-26 2006-11-23 Graphon Corporation Automated system for management of licensed digital assets
US20060282511A1 (en) 2005-06-14 2006-12-14 Hitachi Global Storage Technologies Netherlands B.V. Method for limiting utilizing terminal of contents, and memory device and system for method
US7178025B2 (en) 1998-02-13 2007-02-13 Tec Sec, Inc. Access system utilizing multiple factor identification and authentication
US7188241B2 (en) 2002-10-16 2007-03-06 Pace Antipiracy Protecting software from unauthorized use by applying machine-dependent modifications to code modules
US20070061566A1 (en) 2005-09-09 2007-03-15 Bailey Daniel V Tokencode Exchanges for Peripheral Authentication
US20070078785A1 (en) 2000-11-16 2007-04-05 Steve Bush Method and system for account management
US7203966B2 (en) 2001-06-27 2007-04-10 Microsoft Corporation Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices
US7206765B2 (en) 2001-01-17 2007-04-17 Contentguard Holdings, Inc. System and method for supplying and managing usage rights based on rules
US20070113090A1 (en) 2004-03-10 2007-05-17 Villela Agostinho De Arruda Access control system based on a hardware and software signature of a requesting device
US20070124689A1 (en) 2001-11-30 2007-05-31 David Weksel Method, system, apparatus, and computer program product for transmitting a message
WO2007060516A2 (en) 2005-08-26 2007-05-31 Teddy Yeung Man Lo Interactive bulletin board system and method
US20070143408A1 (en) 2005-12-15 2007-06-21 Brian Daigle Enterprise to enterprise instant messaging
US20070168288A1 (en) 2006-01-13 2007-07-19 Trails.Com, Inc. Method and system for dynamic digital rights bundling
US20070174633A1 (en) 2004-12-07 2007-07-26 Draper Stark C Biometric Based User Authentication and Data Encryption
US20070198422A1 (en) 2005-12-19 2007-08-23 Anand Prahlad System and method for providing a flexible licensing system for digital content
US20070207780A1 (en) 2006-02-23 2007-09-06 Mclean Ivan H Apparatus and methods for incentivized superdistribution of content
US20070209064A1 (en) 2004-03-26 2007-09-06 Shanghai Sanlen Info Security Co., Ltd. Secret File Access Authorization System With Fingerprint Limitation
US7272728B2 (en) 2004-06-14 2007-09-18 Iovation, Inc. Network security and fraud detection system and method
US20070219917A1 (en) 2004-03-29 2007-09-20 Smart Internet Tecnoogy Crc Pty Limited Digital License Sharing System and Method
US20070260883A1 (en) 2006-05-05 2007-11-08 Giobbi John J Personal digital key differentiation for secure transactions
US7305562B1 (en) 1999-03-09 2007-12-04 Citibank, N.A. System, method and computer program product for an authentication management infrastructure
US20070282615A1 (en) 2006-06-01 2007-12-06 Hamilton Rick A Method for Digital Rights Management
US7310813B2 (en) 2002-09-30 2007-12-18 Authenex, Inc. System and method for strong access control to a network
US7319987B1 (en) 1996-08-29 2008-01-15 Indivos Corporation Tokenless financial access system
US20080022103A1 (en) 2006-07-20 2008-01-24 Brown Michael K System and Method for Provisioning Device Certificates
WO2008013504A1 (en) 2006-07-26 2008-01-31 Starhub Ltd Network access method
US7327280B2 (en) 2002-08-15 2008-02-05 California Institute Of Technology Emergency vehicle traffic signal preemption system
US7337147B2 (en) 2005-06-30 2008-02-26 Microsoft Corporation Dynamic digital content licensing
US20080052775A1 (en) 1998-11-30 2008-02-28 Ravi Sandhu Secure Cookies
US7343297B2 (en) 2001-06-15 2008-03-11 Microsoft Corporation System and related methods for managing and enforcing software licenses
US20080065552A1 (en) 2006-09-13 2008-03-13 Gidon Elazar Marketplace for Transferring Licensed Digital Content
US20080086423A1 (en) 2006-10-06 2008-04-10 Nigel Waites Media player with license expiration warning
US20080120195A1 (en) 2006-11-21 2008-05-22 Shakkarwar Rajesh G Systems and methods for identification and authentication of a user
US20080120707A1 (en) 2006-11-22 2008-05-22 Alexander Ramia Systems and methods for authenticating a device by a centralized data server
US20080147556A1 (en) 2006-12-15 2008-06-19 Nbc Universal, Inc. Digital rights management flexible continued usage system and method
US20080152140A1 (en) 2003-10-07 2008-06-26 Koolspan, Inc. Mass subscriber management
US20080177997A1 (en) 2002-06-10 2008-07-24 Microsoft Corporation Security gateway for online console-based gaming
US7418665B2 (en) 2002-10-16 2008-08-26 Shaun Savage Portable cross platform database accessing method and system
US20080228578A1 (en) 2007-01-25 2008-09-18 Governing Dynamics, Llc Digital rights management and data license management
US20080242405A1 (en) 2007-03-30 2008-10-02 Microsoft Corporation On-line gaming authentication
US20080261562A1 (en) 2005-10-28 2008-10-23 Ivas Korea Corp System and Method for Providing Bidirectional Message Communication Services with Portable Terminals
WO2008127431A2 (en) 2006-11-21 2008-10-23 Verient, Inc. Systems and methods for identification and authentication of a user
US20080268815A1 (en) 2007-04-26 2008-10-30 Palm, Inc. Authentication Process for Access to Secure Networks or Services
US20080289025A1 (en) 2007-05-18 2008-11-20 Red Hat, Inc. Method and an apparatus to validate a web session in a proxy server
US7463945B2 (en) 2001-07-13 2008-12-09 Siemens Aktiengesellschaft Electronic fingerprints for machine control and production machines
WO2008157639A1 (en) 2007-06-21 2008-12-24 Uniloc Corporation System and method for auditing software usage
US20090003600A1 (en) 2007-06-29 2009-01-01 Widevine Technologies, Inc. Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
US20090019536A1 (en) 2006-01-27 2009-01-15 Camrivox Ltd. Automatic ip network determination and configuration for edge devices
US20090083730A1 (en) 2007-09-20 2009-03-26 Richardson Ric B Installing Protected Software Product Using Unprotected Installation Image
US20090083833A1 (en) 2007-09-19 2009-03-26 Verayo, Inc. Authentication with physical unclonable functions
US20090113088A1 (en) 2004-06-08 2009-04-30 Dartdevices Corporation Method and device for interoperability in heterogeneous device environment
US20090132813A1 (en) 2007-11-08 2009-05-21 Suridx, Inc. Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones
WO2009065135A1 (en) 2007-11-17 2009-05-22 Uniloc Corporation System and method for adjustable licensing of digital products
US20090138643A1 (en) 2006-02-21 2009-05-28 France Te;Ecp, Method and device for securely configuring a terminal
US20090150674A1 (en) 2007-12-05 2009-06-11 Uniloc Corporation System and Method for Device Bound Public Key Infrastructure
US20090198618A1 (en) 2008-01-15 2009-08-06 Yuen Wah Eva Chan Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce
WO2009105702A2 (en) 2008-02-22 2009-08-27 Etchegoyen Craig S License auditing for distributed applications
WO2009143115A1 (en) 2008-05-21 2009-11-26 Uniloc Usa, Inc. Device and method for secured communication
US20090300744A1 (en) 2008-06-02 2009-12-03 Microsoft Corporation Trusted device-specific authentication
WO2009158525A2 (en) 2008-06-25 2009-12-30 Uniloc Usa, Inc. System and method for monitoring efficacy of online advertising
US7653899B1 (en) 2004-07-23 2010-01-26 Green Hills Software, Inc. Post-execution software debugger with performance display
US20100211795A1 (en) 2004-10-29 2010-08-19 Research In Motion Limited System and method for verifying digital signatures on certificates
WO2010093683A2 (en) 2009-02-10 2010-08-19 Uniloc Usa, Inc. Web content access using a client device identifier
US20100306038A1 (en) 2009-05-28 2010-12-02 Adam Harris Rewarding Initial Purchasers of Digital Media
US8171287B2 (en) 2004-03-10 2012-05-01 DNABOLT, Inc Access control system for information services based on a hardware and software signature of a requesting device

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6792113B1 (en) * 1999-12-20 2004-09-14 Microsoft Corporation Adaptable security mechanism for preventing unauthorized access of digital data
US8689300B2 (en) * 2007-01-30 2014-04-01 The Boeing Company Method and system for generating digital fingerprint

Patent Citations (176)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4246638A (en) 1978-09-14 1981-01-20 Thomas William J Method and apparatus for controlling usage of a programmable computing machine
US4351982A (en) 1980-12-15 1982-09-28 Racal-Milgo, Inc. RSA Public-key data encryption system having large random prime number generating microprocessor or the like
US4658093A (en) 1983-07-11 1987-04-14 Hellman Martin E Software distribution system
US4779224A (en) 1985-03-12 1988-10-18 Moseley Donald R Identity verification method and apparatus
US4704610A (en) 1985-12-16 1987-11-03 Smith Michel R Emergency vehicle warning and traffic control system
US4796220A (en) 1986-12-15 1989-01-03 Pride Software Development Corp. Method of controlling the copying of software
US4891503A (en) 1988-03-29 1990-01-02 Gascard, Inc. Distributed authorization system
US5239166A (en) 1989-01-17 1993-08-24 Graves Marcel A Secure data interchange system erasing a card memory upon an invalid response
WO1992009160A1 (en) 1990-11-07 1992-05-29 Tau Systems Corporation A secure system for activating personal computer software at remote locations
WO1992020022A1 (en) 1991-05-08 1992-11-12 Digital Equipment Corporation Management interface and format for license management system
US5745879A (en) 1991-05-08 1998-04-28 Digital Equipment Corporation Method and system for managing execution of licensed programs
US5260999A (en) 1991-06-28 1993-11-09 Digital Equipment Corporation Filters in license management system
WO1993001550A1 (en) 1991-07-01 1993-01-21 Infologic Software, Inc. License management system and method
US5414269A (en) 1991-10-29 1995-05-09 Oki Electric Industry Co., Ltd. Circuit for detecting a paper at a desired position along a paper feed path with a one shot multivibrator actuating circuit
US5210795A (en) 1992-01-10 1993-05-11 Digital Equipment Corporation Secure user authentication from personal computer
US5291598A (en) 1992-04-07 1994-03-01 Gregory Grundy Method and system for decentralized manufacture of copy-controlled software
US5418854A (en) 1992-04-28 1995-05-23 Digital Equipment Corporation Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system
US5241594A (en) 1992-06-02 1993-08-31 Hughes Aircraft Company One-time logon means and methods for distributed computing systems
US5235642A (en) 1992-07-21 1993-08-10 Digital Equipment Corporation Access control subsystem and method for distributed computer system using locally cached authentication credentials
US5490216A (en) 1992-09-21 1996-02-06 Uniloc Private Limited System for software registration
AU678985B2 (en) 1992-09-21 1997-06-19 Uniloc Corporation Pty Limited System for software registration
US6294793B1 (en) 1992-12-03 2001-09-25 Brown & Sharpe Surface Inspection Systems, Inc. High speed optical inspection apparatus for a transparent disk using gaussian distribution analysis and method therefor
US5440635A (en) 1993-08-23 1995-08-08 At&T Corp. Cryptographic protocol for remote authentication
WO1995035533A1 (en) 1994-06-17 1995-12-28 Megalode Corporation Method for preventing use of software on an unauthorized computer
US20050108173A1 (en) 1994-11-23 2005-05-19 Contentgurad Holdings, Inc. System for controlling the distribution and use digital works using digital tickets
US5666415A (en) 1995-07-28 1997-09-09 Digital Equipment Corporation Method and apparatus for cryptographic authentication
US20060265337A1 (en) 1996-02-26 2006-11-23 Graphon Corporation Automated system for management of licensed digital assets
US5790664A (en) 1996-02-26 1998-08-04 Network Engineering Software, Inc. Automated system for management of licensed software
US7319987B1 (en) 1996-08-29 2008-01-15 Indivos Corporation Tokenless financial access system
US5754763A (en) 1996-10-01 1998-05-19 International Business Machines Corporation Software auditing mechanism for a distributed computer enterprise environment
US6330608B1 (en) 1997-03-31 2001-12-11 Stiles Inventions L.L.C. Method and system of a computer system for establishing communications between a service provider and a central service factory and registry in a computer system
US5925127A (en) 1997-04-09 1999-07-20 Microsoft Corporation Method and system for monitoring the use of rented software
US6029141A (en) 1997-06-27 2000-02-22 Amazon.Com, Inc. Internet-based customer referral system
US6233567B1 (en) 1997-08-29 2001-05-15 Intel Corporation Method and apparatus for software licensing electronically distributed programs
US5974150A (en) 1997-09-30 1999-10-26 Tracer Detection Technology Corp. System and method for authentication of goods
US7178025B2 (en) 1998-02-13 2007-02-13 Tec Sec, Inc. Access system utilizing multiple factor identification and authentication
US20030097331A1 (en) 1998-03-30 2003-05-22 Cohen Morris E. Systems for financial and electronic commerce
US6009401A (en) 1998-04-06 1999-12-28 Preview Systems, Inc. Relicensing of electronically purchased software
US20040059938A1 (en) 1998-04-29 2004-03-25 Microsoft Corporation Hardware ID to prevent software piracy
US20010044782A1 (en) 1998-04-29 2001-11-22 Microsoft Corporation Hardware ID to prevent software piracy
US6243468B1 (en) 1998-04-29 2001-06-05 Microsoft Corporation Software anti-piracy system that adapts to hardware upgrades
US20010034712A1 (en) 1998-06-04 2001-10-25 Colvin David S. System and method for monitoring software
US6044471A (en) 1998-06-04 2000-03-28 Z4 Technologies, Inc. Method and apparatus for securing software to reduce unauthorized use
US6785825B2 (en) 1998-06-04 2004-08-31 Z4 Technologies, Inc. Method for securing software to decrease software piracy
US20020161718A1 (en) 1998-08-04 2002-10-31 Coley Christopher D. Automated system for management of licensed software
US6158005A (en) 1998-09-10 2000-12-05 Audible, Inc. Cloning protection scheme for a digital information playback device
US6330670B1 (en) 1998-10-26 2001-12-11 Microsoft Corporation Digital rights management operating system
US20080052775A1 (en) 1998-11-30 2008-02-28 Ravi Sandhu Secure Cookies
US6449645B1 (en) 1999-01-19 2002-09-10 Kenneth L. Nash System for monitoring the association of digitized information having identification indicia with more than one of uniquely identified computers in a network for illegal use detection
US6418472B1 (en) 1999-01-19 2002-07-09 Intel Corporation System and method for using internet based caller ID for controlling access to an object stored in a computer
US7305562B1 (en) 1999-03-09 2007-12-04 Citibank, N.A. System, method and computer program product for an authentication management infrastructure
WO2000058895A2 (en) 1999-03-29 2000-10-05 Amazon.Com, Inc. Method and system for authenticating users when conducting commercial transactions using a computer
US6920567B1 (en) 1999-04-07 2005-07-19 Viatech Technologies Inc. System and embedded license control mechanism for the creation and distribution of digital content files and enforcement of licensed use of the digital content files
WO2000067095A1 (en) 1999-04-30 2000-11-09 Trymedia Systems Methods and apparatus for secure distribution of software
US20040117321A1 (en) 1999-07-30 2004-06-17 Sancho Enrique David System and method for secure network purchasing
US7100195B1 (en) 1999-07-30 2006-08-29 Accenture Llp Managing user information on an e-commerce system
GB2355322A (en) 1999-10-05 2001-04-18 Authoriszor Ltd System and method for positive client identification
US6536005B1 (en) 1999-10-26 2003-03-18 Teradyne, Inc. High-speed failure capture apparatus and method for automatic test equipment
US6230199B1 (en) 1999-10-29 2001-05-08 Mcafee.Com, Inc. Active marketing based on client computer configurations
US6826690B1 (en) 1999-11-08 2004-11-30 International Business Machines Corporation Using device certificates for automated authentication of communicating devices
WO2001090892A1 (en) 2000-05-25 2001-11-29 Everdream, Inc. Intelligent patch checker
US7069440B2 (en) 2000-06-09 2006-06-27 Northrop Grumman Corporation Technique for obtaining a single sign-on certificate from a foreign PKI system using an existing strong authentication PKI system
US7032110B1 (en) 2000-06-30 2006-04-18 Landesk Software Limited PKI-based client/server authentication
US20020082997A1 (en) 2000-07-14 2002-06-27 Hiroshi Kobata Controlling and managing digital assets
US20040059929A1 (en) 2000-09-14 2004-03-25 Alastair Rodgers Digital rights management
US20040024860A1 (en) 2000-10-26 2004-02-05 Katsuhiko Sato Communication system, terminal, reproduction program, recorded medium on which reproduction program is recorded, server device, server program, and recorded medium on which server program is recorded
US20070078785A1 (en) 2000-11-16 2007-04-05 Steve Bush Method and system for account management
US20020065097A1 (en) 2000-11-30 2002-05-30 Brockenbrough Allan E. System for arranging interactive games between players via multimode communication devices
US20020091937A1 (en) 2001-01-10 2002-07-11 Ortiz Luis M. Random biometric authentication methods and systems
US7206765B2 (en) 2001-01-17 2007-04-17 Contentguard Holdings, Inc. System and method for supplying and managing usage rights based on rules
US7085741B2 (en) 2001-01-17 2006-08-01 Contentguard Holdings, Inc. Method and apparatus for managing digital content usage rights
US20020019814A1 (en) 2001-03-01 2002-02-14 Krishnamurthy Ganesan Specifying rights in a digital rights license according to events
US20040049685A1 (en) 2001-03-14 2004-03-11 Laszlo Jaloveczki Authorisation method for a user of a limited access system having an authorisation centre
US7069595B2 (en) 2001-03-23 2006-06-27 International Business Machines Corporation Method of controlling use of digitally encoded products
US20030065918A1 (en) 2001-04-06 2003-04-03 Willey William Daniel Device authentication in a PKI
US20040030912A1 (en) 2001-05-09 2004-02-12 Merkle James A. Systems and methods for the prevention of unauthorized use and manipulation of digital content
US6976009B2 (en) 2001-05-31 2005-12-13 Contentguard Holdings, Inc. Method and apparatus for assigning consequential rights to documents and documents having such rights
US7343297B2 (en) 2001-06-15 2008-03-11 Microsoft Corporation System and related methods for managing and enforcing software licenses
US7203966B2 (en) 2001-06-27 2007-04-10 Microsoft Corporation Enforcement architecture and method for digital rights management system for roaming a license to a plurality of user devices
US7463945B2 (en) 2001-07-13 2008-12-09 Siemens Aktiengesellschaft Electronic fingerprints for machine control and production machines
US20040187018A1 (en) 2001-10-09 2004-09-23 Owen William N. Multi-factor authentication system
WO2003032126A2 (en) 2001-10-09 2003-04-17 Wireless Key Identification Systems, Inc. Multi-factor authentication system
US20070124689A1 (en) 2001-11-30 2007-05-31 David Weksel Method, system, apparatus, and computer program product for transmitting a message
US20030116621A1 (en) 2001-12-20 2003-06-26 Ncr Corporation Self-service terminal
US20030156719A1 (en) 2002-02-05 2003-08-21 Cronce Paul A. Delivery of a secure software license for a software product and a toolset for creating the sorftware product
US20030172035A1 (en) 2002-03-08 2003-09-11 Cronce Paul A. Method and system for managing software licenses
US20030182428A1 (en) 2002-03-19 2003-09-25 Jiang Li Peer-to-peer (P2P) communication system
US7082535B1 (en) 2002-04-17 2006-07-25 Cisco Technology, Inc. System and method of controlling access by a wireless client to a network that utilizes a challenge/handshake authentication protocol
US20080177997A1 (en) 2002-06-10 2008-07-24 Microsoft Corporation Security gateway for online console-based gaming
US7327280B2 (en) 2002-08-15 2008-02-05 California Institute Of Technology Emergency vehicle traffic signal preemption system
US7310813B2 (en) 2002-09-30 2007-12-18 Authenex, Inc. System and method for strong access control to a network
US7418665B2 (en) 2002-10-16 2008-08-26 Shaun Savage Portable cross platform database accessing method and system
US7188241B2 (en) 2002-10-16 2007-03-06 Pace Antipiracy Protecting software from unauthorized use by applying machine-dependent modifications to code modules
US20040172558A1 (en) 2002-11-18 2004-09-02 Terrance Callahan Method and system for access control
US20040107360A1 (en) 2002-12-02 2004-06-03 Zone Labs, Inc. System and Methodology for Policy Enforcement
US20040172531A1 (en) 2002-12-09 2004-09-02 Little Herbert A. System and method of secure authentication information distribution
WO2004054196A1 (en) 2002-12-09 2004-06-24 Research In Motion Limited System and method of secure authentication information distribution
US6859793B1 (en) 2002-12-19 2005-02-22 Networks Associates Technology, Inc. Software license reporting and control system and method
US20040143746A1 (en) 2003-01-16 2004-07-22 Jean-Alfred Ligeti Software license compliance system and method
US20060005237A1 (en) 2003-01-30 2006-01-05 Hiroshi Kobata Securing computer network communication using a proxy server
US20060168580A1 (en) 2003-02-21 2006-07-27 Shunji Harada Software-management system, recording medium, and information-processing device
EP1637958A2 (en) 2003-03-03 2006-03-22 Microsoft Corporation Compact hardware identification for binding a software package to a computer system having tolerance for hardware changes
US20050033833A1 (en) 2003-08-05 2005-02-10 International Business Machines Corporation Method, system, and program product fo rmanaging device identifiers
US20050034115A1 (en) 2003-08-08 2005-02-10 Carter Wade E. Method for remotely updating software for devices in a broadband network
US20050166263A1 (en) 2003-09-12 2005-07-28 Andrew Nanopoulos System and method providing disconnected authentication
US20080152140A1 (en) 2003-10-07 2008-06-26 Koolspan, Inc. Mass subscriber management
US20050138155A1 (en) 2003-12-19 2005-06-23 Michael Lewis Signal assessment
US20050172280A1 (en) 2004-01-29 2005-08-04 Ziegler Jeremy R. System and method for preintegration of updates to an operating system
US8171287B2 (en) 2004-03-10 2012-05-01 DNABOLT, Inc Access control system for information services based on a hardware and software signature of a requesting device
US20070113090A1 (en) 2004-03-10 2007-05-17 Villela Agostinho De Arruda Access control system based on a hardware and software signature of a requesting device
US20070209064A1 (en) 2004-03-26 2007-09-06 Shanghai Sanlen Info Security Co., Ltd. Secret File Access Authorization System With Fingerprint Limitation
US20070219917A1 (en) 2004-03-29 2007-09-20 Smart Internet Tecnoogy Crc Pty Limited Digital License Sharing System and Method
WO2005104686A2 (en) 2004-04-14 2005-11-10 Ipass Inc. Dynamic executable
US20060265446A1 (en) 2004-04-14 2006-11-23 Ipass Inc. Dynamic executable
US7836121B2 (en) 2004-04-14 2010-11-16 Ipass Inc. Dynamic executable
US20050265446A1 (en) 2004-05-26 2005-12-01 Broadcom Corporation Mosquito noise detection and reduction
US20050268087A1 (en) 2004-05-26 2005-12-01 Sony Corporation Program, communication device, data processing method, and communication system
US20090113088A1 (en) 2004-06-08 2009-04-30 Dartdevices Corporation Method and device for interoperability in heterogeneous device environment
US20120030771A1 (en) 2004-06-14 2012-02-02 Iovation, Inc. Network security and fraud detection system and method
US7272728B2 (en) 2004-06-14 2007-09-18 Iovation, Inc. Network security and fraud detection system and method
US20060036766A1 (en) 2004-07-21 2006-02-16 Nicolas Baupin Method and system for managing identity overload and private/public availability of an instant messaging address
US7653899B1 (en) 2004-07-23 2010-01-26 Green Hills Software, Inc. Post-execution software debugger with performance display
EP1637961A2 (en) 2004-09-15 2006-03-22 Microsoft Corporation Deploying and receiving software over a network susceptible to malicious communication
US20060072444A1 (en) 2004-09-29 2006-04-06 Engel David B Marked article and method of making the same
US20060080534A1 (en) 2004-10-12 2006-04-13 Yeap Tet H System and method for access control
US20060085310A1 (en) 2004-10-14 2006-04-20 Cfph Llc System and method for facilitating a wireless financial transaction
US20060090070A1 (en) 2004-10-21 2006-04-27 International Business Machines Corporation Method and system for verifying binding of an initial trusted device to a secured processing system
US20060095454A1 (en) 2004-10-29 2006-05-04 Texas Instruments Incorporated System and method for secure collaborative terminal identity authentication between a wireless communication device and a wireless operator
US20100211795A1 (en) 2004-10-29 2010-08-19 Research In Motion Limited System and method for verifying digital signatures on certificates
US20070174633A1 (en) 2004-12-07 2007-07-26 Draper Stark C Biometric Based User Authentication and Data Encryption
EP1670188A2 (en) 2004-12-10 2006-06-14 Alcatel Methods and systems for connection determination in a multi-point virtual private network
US20060161914A1 (en) 2005-01-14 2006-07-20 Microsoft Corporation Systems and methods to modify application installations
US20060282511A1 (en) 2005-06-14 2006-12-14 Hitachi Global Storage Technologies Netherlands B.V. Method for limiting utilizing terminal of contents, and memory device and system for method
US7337147B2 (en) 2005-06-30 2008-02-26 Microsoft Corporation Dynamic digital content licensing
WO2007060516A2 (en) 2005-08-26 2007-05-31 Teddy Yeung Man Lo Interactive bulletin board system and method
US20070061566A1 (en) 2005-09-09 2007-03-15 Bailey Daniel V Tokencode Exchanges for Peripheral Authentication
US20080261562A1 (en) 2005-10-28 2008-10-23 Ivas Korea Corp System and Method for Providing Bidirectional Message Communication Services with Portable Terminals
US20070143408A1 (en) 2005-12-15 2007-06-21 Brian Daigle Enterprise to enterprise instant messaging
US20070203846A1 (en) 2005-12-19 2007-08-30 Srinivas Kavuri System and method for providing a flexible licensing system for digital content
US20070198422A1 (en) 2005-12-19 2007-08-23 Anand Prahlad System and method for providing a flexible licensing system for digital content
US20070168288A1 (en) 2006-01-13 2007-07-19 Trails.Com, Inc. Method and system for dynamic digital rights bundling
US20090019536A1 (en) 2006-01-27 2009-01-15 Camrivox Ltd. Automatic ip network determination and configuration for edge devices
US20090138643A1 (en) 2006-02-21 2009-05-28 France Te;Ecp, Method and device for securely configuring a terminal
US20070207780A1 (en) 2006-02-23 2007-09-06 Mclean Ivan H Apparatus and methods for incentivized superdistribution of content
US20070260883A1 (en) 2006-05-05 2007-11-08 Giobbi John J Personal digital key differentiation for secure transactions
US20070282615A1 (en) 2006-06-01 2007-12-06 Hamilton Rick A Method for Digital Rights Management
US20080022103A1 (en) 2006-07-20 2008-01-24 Brown Michael K System and Method for Provisioning Device Certificates
WO2008013504A1 (en) 2006-07-26 2008-01-31 Starhub Ltd Network access method
US20080065552A1 (en) 2006-09-13 2008-03-13 Gidon Elazar Marketplace for Transferring Licensed Digital Content
US20080086423A1 (en) 2006-10-06 2008-04-10 Nigel Waites Media player with license expiration warning
WO2008127431A2 (en) 2006-11-21 2008-10-23 Verient, Inc. Systems and methods for identification and authentication of a user
US20080120195A1 (en) 2006-11-21 2008-05-22 Shakkarwar Rajesh G Systems and methods for identification and authentication of a user
US20080120707A1 (en) 2006-11-22 2008-05-22 Alexander Ramia Systems and methods for authenticating a device by a centralized data server
US20080147556A1 (en) 2006-12-15 2008-06-19 Nbc Universal, Inc. Digital rights management flexible continued usage system and method
US20080228578A1 (en) 2007-01-25 2008-09-18 Governing Dynamics, Llc Digital rights management and data license management
US20080242405A1 (en) 2007-03-30 2008-10-02 Microsoft Corporation On-line gaming authentication
US20080268815A1 (en) 2007-04-26 2008-10-30 Palm, Inc. Authentication Process for Access to Secure Networks or Services
US20080289025A1 (en) 2007-05-18 2008-11-20 Red Hat, Inc. Method and an apparatus to validate a web session in a proxy server
US20080320607A1 (en) 2007-06-21 2008-12-25 Uniloc Usa System and method for auditing software usage
WO2008157639A1 (en) 2007-06-21 2008-12-24 Uniloc Corporation System and method for auditing software usage
US20090003600A1 (en) 2007-06-29 2009-01-01 Widevine Technologies, Inc. Progressive download or streaming of digital media securely through a localized container and communication protocol proxy
US20090083833A1 (en) 2007-09-19 2009-03-26 Verayo, Inc. Authentication with physical unclonable functions
US20090083730A1 (en) 2007-09-20 2009-03-26 Richardson Ric B Installing Protected Software Product Using Unprotected Installation Image
WO2009039504A1 (en) 2007-09-20 2009-03-26 Uniloc Corporation Installing protected software product using unprotected installation image
US20090132813A1 (en) 2007-11-08 2009-05-21 Suridx, Inc. Apparatus and Methods for Providing Scalable, Dynamic, Individualized Credential Services Using Mobile Telephones
WO2009065135A1 (en) 2007-11-17 2009-05-22 Uniloc Corporation System and method for adjustable licensing of digital products
US20090138975A1 (en) 2007-11-17 2009-05-28 Uniloc Usa System and Method for Adjustable Licensing of Digital Products
US20090150674A1 (en) 2007-12-05 2009-06-11 Uniloc Corporation System and Method for Device Bound Public Key Infrastructure
WO2009076232A1 (en) 2007-12-05 2009-06-18 Uniloc Corporation System and method for device bound public key infrastructure
US20090198618A1 (en) 2008-01-15 2009-08-06 Yuen Wah Eva Chan Device and method for loading managing and using smartcard authentication token and digital certificates in e-commerce
WO2009105702A2 (en) 2008-02-22 2009-08-27 Etchegoyen Craig S License auditing for distributed applications
WO2009143115A1 (en) 2008-05-21 2009-11-26 Uniloc Usa, Inc. Device and method for secured communication
US20090300744A1 (en) 2008-06-02 2009-12-03 Microsoft Corporation Trusted device-specific authentication
WO2009158525A2 (en) 2008-06-25 2009-12-30 Uniloc Usa, Inc. System and method for monitoring efficacy of online advertising
WO2010093683A2 (en) 2009-02-10 2010-08-19 Uniloc Usa, Inc. Web content access using a client device identifier
US20100306038A1 (en) 2009-05-28 2010-12-02 Adam Harris Rewarding Initial Purchasers of Digital Media

Non-Patent Citations (22)

* Cited by examiner, † Cited by third party
Title
"Canon User Manual-Nikon Coolpix S52/S52c," Apr. 21, 2008, entire manual.
"How Microsoft Product Activation (WPA) Works in Windows XP and Windows Vista," PCBUYERBEWARE, retrieved from the Internet on May 10, 2008. XP002613942.
"Technical Details on Microsoft Product Activation for Windows XP," Internet Citation, XP002398930, Aug. 13, 2001.
"Canon User Manual—Nikon Coolpix S52/S52c," Apr. 21, 2008, entire manual.
Angha et al.; "Securing Transportation Network Infrastructure with Patented Technology of Device Locking-Developed by Uniloc USA", http://www.dkassociates.com/admin/paperfile/ITS%20World%20Paper%20Submission_Uniloc%20_2_.pdf; Oct. 24, 2006.
Angha et al.; "Securing Transportation Network Infrastructure with Patented Technology of Device Locking—Developed by Uniloc USA", http://www.dkassociates.com/admin/paperfile/ITS%20World%20Paper%20Submission_Uniloc%20_2_.pdf; Oct. 24, 2006.
David J-L, "Cookieless Data Persistence in Possible," Apr. 23, 2003, Internet Article retrieved on Sep. 21, 2010. XP002603490.
Econolite and Uniloc Partner to Bring Unmatched Infrastructure Security to Advanced Traffic Control Networks with Launch to StrongPoint. http://www.econolite.com/docs/press/20080304_Econolite_StronPoint.pdf; Mar. 4, 2008.
H. Williams, et al., "Web Database Applications with PHP & MySQL", Chapter 1, "Database Applications and the Web", ISBN 0-596-00041-3, O'Reilly & Associates, Inc., Mar. 2002, avail. at: http://docstore.mik.ua/orelly/webprog/webdb/ch01_01.htm. XP002603488.
Housley et al., "Internet x.509 Public Key Infracstructure Certificate and CRL Profile," The Internet Society, Network Working Group, Sep. 1999, 75 pages. [RFC 2459].
International Search Report and Written Opinion dated Mar. 15, 2013, for PCT Application No. PCT/US2012/037837.
Iovation, "Controlling High Fraud Risk of International Transactions," Iovation Reputation Services, White Paper, May 2007.
Iovation, "Using Reputation of Devices to Detect and Prevent Online Retail Fraud," White Paper, Apr. 2007.
Jensen et al., "Assigning and Enforcing Security Policies on Handheld Devices," 2002, 8 pages.
Johnson et al. "Dimensions of Online Behavior: Toward a User Typology," Cyberpsycology and Behavior, vol. 10, No. 6, pp. 773-779, 2007. XP002617349.
Johnson et al. "Dynamic Source Routing in Ad Hoc Wireless Networks," Mobile Computing, Kluwer Academic Publishers, 1996.
Klein, M., "How to Use a Loyalty Analysis," Loyalty Builders, pp. 1-6, 2003. XP002617371.
Lallous, "Changing Volume's Serial Number," Code Project Feb. 17, 2008, retreived from the internet on Dec. 14, 2010. XP002614149.
Lee P, "Oracle Adaptive Access Manager Reference Guide, Release 10g (10.1.4.5)," May 2009, Internet Article retrieved on Sep. 27, 2010. XP002603489.
Wikipedia: "Device Fingerprint," May 5, 2009, modified Jan. 20, 2011, Internet Article retrieved on Apr. 19, 2011. XP-002603492.
Wikipedia: "Software Extension," May 28, 2009, Internet Article retrieved on Oct. 11, 2010. XP002604710.
Williams, R., "A Painless Guide to CRC Error Detection Algorithms," Aug. 13, 1993, 33 pages, www.ross.net/crc/download/crc_v3.txt.

Also Published As

Publication number Publication date
US20130212382A1 (en) 2013-08-15
AU2011100168A4 (en) 2011-03-10
AU2011100168B4 (en) 2011-06-30
US20120204033A1 (en) 2012-08-09
US8438394B2 (en) 2013-05-07

Similar Documents

Publication Publication Date Title
US10432609B2 (en) Device-bound certificate authentication
US10664577B2 (en) Authentication using delegated identities
US12135766B2 (en) Authentication translation
JP6066647B2 (en) Device apparatus, control method thereof, and program thereof
US8683196B2 (en) Token renewal
CN111600899A (en) Micro-service access control method and device, electronic equipment and storage medium
US9154504B2 (en) Device apparatus, control method, and relating storage medium
US20090271625A1 (en) System and method for pool-based identity generation and use for service access
US20080052762A1 (en) Method and System for Server Support of Pluggable Authorization Systems
US20040264697A1 (en) Group security
US20150235042A1 (en) Systems and methods for authenticating an application
US9652599B2 (en) Restricted code signing
CN115037480B (en) Device authentication and verification method, device, equipment and storage medium
WO2020173019A1 (en) Access certificate verification method and device, computer equipment and storage medium
US20250330323A1 (en) Techniques for binding tokens to a device and collecting device posture signals
CN112738005A (en) Access processing method, device, system, first authentication server and storage medium
GB2575250A (en) Methods for delivering an authenticatable management activity to remote devices
WO2013009385A2 (en) Device-bound certificate authentication
EP3070906A1 (en) Multifaceted assertion directory system
CN118713867A (en) Method, device, electronic device and storage medium for mutual recognition of identities between systems
JP7596485B2 (en) Authentication information signature system, authentication information signature program, and authentication information signature method
US20250254164A1 (en) Managing access to secure enterprise resources using identity verification services and verified authenticators
CN121418107A (en) Interface access method, apparatus, electronic device, storage medium, and program product
EP3143749B1 (en) Restricted code signing

Legal Events

Date Code Title Description
AS Assignment

Owner name: UNILOC LUXEMBOURG S.A., LUXEMBOURG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:ETCHEGOYEN, CRAIG S.;HARJANTO, DONO;REEL/FRAME:030143/0983

Effective date: 20130403

AS Assignment

Owner name: DEVICEAUTHORITY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:UNILOC LUXEMBOURG S.A.;REEL/FRAME:034719/0489

Effective date: 20141211

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: CRYPTOSOFT LIMITED, ENGLAND

Free format text: MERGER;ASSIGNOR:DEVICEAUTHORITY, INC.;REEL/FRAME:040774/0019

Effective date: 20160420

AS Assignment

Owner name: DEVICE AUTHORITY LTD, UNITED KINGDOM

Free format text: CHANGE OF NAME;ASSIGNOR:CRYPTOSOFT LIMITED;REEL/FRAME:040779/0128

Effective date: 20160421

AS Assignment

Owner name: UNILOC LUXEMBOURG S.A., LUXEMBOURG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:HARJANTO, DONO;REEL/FRAME:041064/0956

Effective date: 20120525

Owner name: NETAUTHORITY, INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:UNILOC LUXEMBOURG S.A.;REEL/FRAME:041470/0468

Effective date: 20130102

Owner name: UNILOC LUXEMBOURG S.A., LUXEMBOURG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:ETCHEGOYEN, CRAIG S.;REEL/FRAME:041062/0591

Effective date: 20120525

AS Assignment

Owner name: UNILOC LUXEMBOURG S.A., LUXEMBOURG

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:NETAUTHORITY, INC.;REEL/FRAME:041480/0512

Effective date: 20130827

AS Assignment

Owner name: UNILOC LUXEMBOURG S.A., LUXEMBOURG

Free format text: CORRECTIVE ASSIGNMENT TO CORRECT THE INCORRECT APPL. NO. 13/797,006 PREVIOUSLY RECORDED AT REEL: 041062 FRAME: 0591. ASSIGNOR(S) HEREBY CONFIRMS THE ASSIGNMENT;ASSIGNOR:ETCHEGOYEN, CRAIG S.;REEL/FRAME:041925/0006

Effective date: 20120525

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YR, SMALL ENTITY (ORIGINAL EVENT CODE: M2551); ENTITY STATUS OF PATENT OWNER: SMALL ENTITY

Year of fee payment: 4